General Information

The Magicline Open API allows Third Party applications to access our data in a common and standardized manner. You can use this API to get customers, contracts and other information. We use OpenAPI 3.0. specifications for all our endpoints.


The Magicline Open API uses persistent key authentication, separate for every studio in Magicline. Keys are generated automatically when a studio owner requests an integration with your App. Upon activation, you will receive an email with OpenAPI studio keys and the base URL. In order to authenticate properly you have to send the OpenAPI key in x-api-key header. We will validate the key and check whether it is valid and matches the current studio.


If you have requested access to the ML Open API and webhook functionality we will send two API Keys upon activation of your integration. The API Keys are used for inbound requests to our endpoints and outbound requests of our webhook events.

API requests

All API requests must be made over HTTPS. The https://<tenant_name> URL is the request base URL. The complete URL varies depending on the accessed resource.

For example, to get a list of customers from a specific facility, you must make an HTTP GET request to the https://<tenant_name> URL.

The base URL, including the <tenant_name>, is part of the activation email and must always match the corresponding x-api-key. If you have registered webhooks you must look up the base URL by the x-api-key header you receive with every webhook event.

Image handling

Please take into consideration that all URLs with an image to download will expire after a specified time. The exact expiration time can be found documented in the endpoint response field.

Rate limit

All Open API endpoints have a rate limit. Every endpoint has a separate request counter. The default rate limit is 1000 requests per minute. After exceeding the limit, every request for the next minute will be denied with a 429 response code.

Data chunking

Certain GET calls, especially bulk requests, may return a large number of records. To make handling large payloads easier, we provide a way to control the maximum number of responses through data chunking. We provide an offsetId parameter to control where the next chunk should start from. To fetch the next chunk use returned lastOffsetId in succeeding request. Last chunk is indicated by hasNext: false property value. Example response:

  "result": [
      "id": 1210206595,
      "firstName": "Eduardo",
      "lastName": "Thomas",
      "dateOfBirth": "2018-01-01",
      "email": null,
      "gender": "UNISEX",
      "street": "Mörikestraße",
      "houseNumber": "27",
      "zipCode": "24113",
      "city": "Molfsee",
      "country": "DE",
      "status": "MEMBER",
      "cardNumbers": [
      "id": 1210206596,
      "firstName": "Terrence",
      "lastName": "Hernandez",
      "dateOfBirth": "2018-01-01",
      "email": null,
      "gender": "UNISEX",
      "street": "Talstraße",
      "houseNumber": "144",
      "zipCode": "68259",
      "city": "Mannheim",
      "country": "DE",
      "status": "MEMBER",
      "cardNumbers": [
  "lastOffsetId": 1210206596,
  "hasNext": true

Error Handling

The ML Open API uses HTTP Status codes to reflect a successful or unsuccessful request. 2XX status codes represent a successful request, 4XX/5XX status codes represent an error. If you receive an error status code, check the body for an error code and message. Table of error codes:

Http Code Reason
400 Validation of the request failed, check request with specification.
401 Authentication failed. Probably wrong or missing OpenAPI key.
403 Permission denied. The caller has no permission for the requested resource.
404 Requested entity not found.
429 Access denied - rate limit is exceeded.
500 Unexpected system error - internal problem.